[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ale] [Fwd: Kernel Security]
- Subject: [ale] [Fwd: Kernel Security]
- From: krum at smyrnacable.net (Kevin Krumwiede)
- Date: 28 Mar 2002 06:51:36 -0500
The exploit scenario described for this bug sounds unlikely, but it's
still something to be aware of I guess.
Krum
-----Forwarded Message-----
From: Michael LERCH <Michael.Lerch at ch.dhl.com>
To: ale at ale.org
To: lfs-security at linuxfromscratch.org
Subject: Kernel Security
Date: 28 Mar 2002 12:06:54 +0100
Hi,
I think this may interest some people :
There is a vulnerability in the kernel, version: up to 2.2.20 and
2.4.18
Issue:
In case of excessively long path names d_path kernel internal
function
returns truncated trailing components of a path name instead of
an error
value. As this function is called by getcwd(2) system call and
do_proc_readlink() function, false information may be returned to
user-space processes.
For more information :
http://online.securityfocus.com/archive/1/264117
I had a quick glance, at http://www.kernel.org no patch seems to be
available.
Bye
Michael
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.